Privacy Policy

Last updated: May 13, 2026

1. Who we are

ForgeFit (“ForgeFit,” “we,” “our,” or “us”) operates builtinthefire.com and the ForgeFit member hub at app.builtinthefire.com. This Privacy Policy explains how we collect, use, share, and protect personal information when you visit our site, create an account, or purchase a program or membership.

2. Information we collect

  • Account information — name, email address, and password (stored as a one-way hash) when you sign up for the free trial or a membership.
  • Profile and training data — answers to the onboarding quiz, training goals, schedule, completed workouts, streaks, and progress.
  • Payment information — when you purchase a program or membership, payment is processed by Stripe. We never see or store your full card number; we only retain a card-brand, last-four, and Stripe customer ID.
  • Communications — emails you send us, replies to our newsletters, and support tickets.
  • Technical data — IP address, browser type, device type, pages viewed, and timestamps, collected through standard server logs and privacy-respecting analytics.

3. How we use information

  • To create and manage your account and membership.
  • To deliver the programs, workouts, and community access you signed up for.
  • To personalize training recommendations and coaching.
  • To process payments and prevent fraud.
  • To send service emails (receipts, password resets, important changes).
  • To send marketing emails — only if you opted in. You can unsubscribe at any time.
  • To improve the product, debug issues, and keep the service secure.

4. Who we share information with

We do not sell your personal information. We share limited data only with trusted service providers who help us run ForgeFit:

  • Stripe — payment processing.
  • Supabase — authentication and database hosting.
  • Vercel — website hosting and delivery.
  • Kit (ConvertKit) — email newsletters and marketing.
  • Shopify and Printful — physical product fulfillment if you purchase merch.

We may also disclose information when required by law, to enforce our Terms of Service, or to protect the rights, safety, or property of ForgeFit, our users, or the public.

5. Cookies and analytics

We use a small number of cookies and local-storage entries needed to keep you signed in and to measure aggregate site usage. We do not use cross-site advertising trackers. You can clear cookies in your browser at any time, but doing so will sign you out.

6. Data security

Passwords are stored as one-way bcrypt hashes. Sessions use signed, HTTP-only tokens. Payments are handled directly by Stripe over TLS. Our infrastructure runs behind a managed firewall with daily database backups. No system is 100% secure, but we take reasonable steps to protect your information.

7. Your rights

You can request to access, correct, export, or delete your personal information at any time by emailing us at support@builtinthefire.com. If you live in the EU, UK, or California, you may have additional rights under GDPR, UK GDPR, or CCPA, and we will honor them.

8. Data retention

We retain account and training data for as long as your account is active. If you cancel and ask us to delete your account, we will remove personal information within 30 days, except where we are required by law to keep certain records (for example, tax records of past purchases).

9. Children

ForgeFit is not directed to children under 13, and we do not knowingly collect personal information from anyone under 13. If you believe a child has provided us information, please contact us and we will delete it.

10. Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top tells you when we last made a material change. Continued use of ForgeFit after a change means you accept the updated policy.

11. Contact us

Questions about this policy? Email support@builtinthefire.com.